On Tue, 8 May 2018, Michael Lopez wrote:
Hi David,
Thanks again for the reply. I'll try to delimit it at the
file level and see if that works by using ERE. The issue with syslogng was
doing it at the file level is the message was already broken by the time it
hit the file layer.
how is the message being generated?
the API for sending/receiving data via TCP doesn't let you know where the packet
boundries are as far as I know.
If all your logs are single lines, then they should work by default.
If you are trying to send multi-line logs, you have two choices with rsyslog
1. escape the newlines in the middle of the messages before you send them
2. use the octet counting mode to send the logs via TCP
personally, I would use the first method, because there are a lot of things in
log processing that assume that messages are a single line, and while you can
use octet counting to make rsyslog handle them, having to fix this in every tool
you end up using is going to be more of a pain than having the escaped character
sequence in the middle of your message.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
